[keycloak-user] Logging out

Bill Burke bburke at redhat.com
Mon Mar 24 17:16:31 EDT 2014

On 3/24/2014 5:10 PM, Dean Peterson wrote:
> Logging out seems unnecessarily complicated.  I need to have a
> management url located in my application?

How else would we do it?  We have to:

1. Reset the realm's login cookie at the keycloak server's domain
2. Invalidate each login session of each logged in application

#1 requires a redirect to the keycloak server.  For #2 we invoke 
k_logout on each managementUrl which invalidates the HttpSession.

> I use KeycloakUriBuilder to build the logout url and end up in the
> logoutApplication method of ResourceAdminManager.  That is where I am at
> a loss.  The application is expecting I have something in my app with a
> path that contains "k_logout".  What should happen at that location?
>   What code goes in the REST service at that location on my end?
> Also, if I do not fill out the "Admin" url inside keycloak, the
> managementUrl parameter comes back as an empty string instead of null.
>   That causes an error because the if statement in the logoutApplication
> method only checks for null.

Keycloak server should check for empty string for managementUrl.  That 
is a bug.

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-user mailing list